Hacking the Competition

During the summer of 2010, Symplicity Corporation knew it wasn’t keeping up with the competition.

Trying to stand out in the small world of technology companies that supply colleges with software to track student disciplinary cases, Symplicity CEO Ariel Manuel Friedler noticed more colleges and universities picking its main competitor, Maxient, because its software “feels like a website,” he emailed to employees. “We are bleeding ... we have lost close to a dozen [clients] this year.”

To win back colleges, Symplicity’s top leader and two other employees hacked their way into Maxient’s servers to stock up on the competitor’s product design, new features and software layout.

“Desperate times call for desperate measures,” Friedler told the chief technology officer, Alok Dhir, in a message, according to court documents.

That wasn’t the first or last time that Friedler and other workers at Symplicity gained illegal access to competitors’ software and client list. In January 2010, he texted Dhir that he was trying to hide his IP address to “get into a competitor’s shit.”

After a four-year federal investigation, Friedler, 36, now faces up to five years in prison after pleading guilty last week to conspiring between 2007 and 2011 to hack into the computer systems of two competitors, Maxient and Pave Systems Inc.

Friedler last week also left the company he founded 18 years ago as a sophomore at Northwestern University and issued a mea culpa, saying he “let my competitiveness get the best of me and I crossed a line.”

He will be sentenced by a U.S. district judge on Aug. 1.

The depth of the scandal is almost unheard-of in the higher education technology market – and may just be the start of a larger dispute.

Maxient officials are now mulling civil action against the company after initially raising concerns with federal officials four years ago, when it traced unauthorized log-ins to its network from Symplicity’s headquarters in Arlington, Va.

Symplicity, Maxient and their competitors “derive their competitive edge from the design and features of the system, which they consider proprietary and confidential,” according to court documents. Maxient lost at least $217,097 because of Friedler’s conspiracy, according to the plea agreement filed last week.

“It doesn’t get any dirtier,” Aaron Hark, co-owner of Maxient, said in an interview. “The company continues to gain from that illegal activity. We feel the company still has a price to pay.”

Maxient released a statement to clients last week that was even more damning, calling on colleges to abandon Symplicity, which named a new CEO and hyped new ethical training in Friedler’s letter.

“Mr. Friedler characterized his actions as ‘foolish, immature, and arrogant,’ but we find the Court’s assessment more accurate: illegal and criminal,” read the Maxient statement. “It is our hope that this incident will serve as a call to action, and other institutions will begin to eschew products built upon a foundation of unethical and illegal activities.”

Colleges have been looking to outside software companies more and more to sort out student disciplinary cases, especially with regulators increasing scrutiny of how colleges deal with sexual violence cases and campus crime data. Universities such as Washington University in St. Louis, Arizona State University and University of California at Los Angeles use Symplicity.

The company also offers software to manage career services, academic advising and residence halls, as well as contracting with U.S. Senate offices to manage constituent services. It has more than 1,200 customers across the higher education, government, legal, commercial and nonprofit fields, according to its website.

Matthew Gregory, president of the Association for Student Conduct Administration, said its board of directors will discuss next month how to respond to the revelations.

“By the nature of our work, it’s important to approach job with integrity and character,” said Gregory, who is also an associate dean at Louisiana State University. “I would imagine campuses that are institutional users of Symplicity will have conversations about what’s best for their campus.”

That’s especially true because Friedler now admits he and employees came up with a scheme to use colleges’ passwords and data to see how Maxient and Pave run their systems. Friedler led employees in a conspiracy to decrypt encrypted passwords used by colleges, taking screenshots and copying information gleaned in competitors’ systems.

After Symplicity lost a bid for Vanderbilt University as a client during the summer of 2011, Symplicity employees tried to log into Maxient’s system as Vanderbilt, according to court documents.

“Everybody is very sensitive to any kind of breach or unauthorized access,” said Eric Stoller, who consults with colleges on student affairs technology and blogs for Inside Higher Ed. “To hear about someone who with his company was engaging in this activity, intentionally and maliciously, that’s got to give some administrators pause and make them say, ‘We should reevaluate this and maybe look at a different vendor.’ ”

Hark said he hasn’t received any calls from colleges that are Symplicity clients looking to sign on with Maxient – which has about 10 employees who just focus on student conduct software, compared to Symplicity’s 154 employees and suite of products.

In his letter to clients, Friedler talked up the company’s ethics changes. He said the company improved ethical training and added oversight, “as well as other measures to make sure this never happens again.” He also pointed to new CEO Bill Gerety serving “in positions of high trust” in the U.S. Army Reserves. Gerety did not respond to requests for comment.

Victoria Chapa, a marketing coordinator at Symplicity, said in an email: “Symplicity has not been – and will not be – charged in this matter and the company will continue to provide its millions of users with secure, reliable platforms for effective information management without interruption.”